Why WireGuard
WireGuard is a modern VPN protocol: faster, simpler, and more secure than OpenVPN or IPsec. It lives in the Linux kernel, uses state-of-the-art cryptography, and has a tiny codebase (~4,000 lines).
Install
```bash
# Linux
sudo apt install wireguard
# macOS
brew install wireguard-tools
```
Generate Keys
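```bash
# Restrict permissions first so the private key files are not created world-readable
umask 077
# Server
wg genkey | tee server_private.key | wg pubkey > server_public.key
# Client
wg genkey | tee client_private.key | wg pubkey > client_public.key
```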
Server Configuration
```ini
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
# The rules below assume eth0 is the outbound interface; forwarding also requires net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32
```
Client Configuration
```ini
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client_private_key>
DNS = 1.1.1.1

[Peer]
PublicKey = <server_public_key>
Endpoint = server.example.com:51820
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```
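An added example (not from the original post): a small Python audit for wg-quick files like the server and client configs above. It flags key placeholders that were never substituted, peers whose AllowedIPs overlap, and a full-tunnel client that routes 0.0.0.0/0 but not ::/0. The function names and both sample configs are assumptions constructed for illustration.

```python
import ipaddress

def parse_wg_conf(text):
    """Return [(section, {key: value})]. [Peer] repeats, so configparser will not do."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key.lower()] = value
    return sections

def audit(text):
    """List findings for one wg-quick config (server or client side)."""
    sections, claimed = parse_wg_conf(text), []
    findings = [f"{name}: {field} is still a placeholder" for name, kv in sections
                for field, value in kv.items() if field.endswith("key") and value.startswith("<")]
    for idx, peer in enumerate(kv for name, kv in sections if name == "peer"):
        nets = [ipaddress.ip_network(item.strip(), strict=False)
                for item in peer.get("allowedips", "").split(",") if item.strip()]
        for net in nets:
            for other, owner in claimed:
                # Cryptokey routing ties each address to one peer; overlaps blur that mapping.
                if owner != idx and net.version == other.version and net.overlaps(other):
                    findings.append(f"peer {idx}: {net} overlaps peer {owner} ({other})")
        claimed.extend((net, idx) for net in nets)
        if {n.version for n in nets if n.prefixlen == 0} == {4}:
            findings.append(f"peer {idx}: 0.0.0.0/0 without ::/0 leaves IPv6 outside the tunnel")
    return findings

# Constructed sample configs; key values are fake strings, not real key material.
SERVER_CONF = """[Interface]
PrivateKey = <server_private_key>
[Peer]
PublicKey = CONSTRUCTED-LAPTOP-KEY=
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = CONSTRUCTED-PHONE-KEY=
AllowedIPs = 10.0.0.0/24
"""
CLIENT_CONF = "[Interface]\nPrivateKey = CONSTRUCTED-KEY=\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"

if __name__ == "__main__":
    for conf in (SERVER_CONF, CLIENT_CONF):
        print("\n".join(audit(conf)))
```

Run it against a copy of the config rather than the live file, since the file contains the interface's private key.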
Start VPN
```bash
# Start
sudo wg-quick up wg0
# Check status
sudo wg show
# Stop
sudo wg-quick down wg0
```
WireGuard vs OpenVPN
| Feature | WireGuard | OpenVPN |
|---|---|---|
| Codebase | ~4,000 lines | ~100,000 lines |
| Speed | Near wire-speed | Slower |
| Handshake | 1 RTT | Multiple RTTs |
| Crypto | Modern (Curve25519) | Configurable (TLS) |
| Kernel | In-kernel | Userspace |
| Roaming | Seamless | Reconnect needed |
Key Features
- Fast — kernel-level, near wire-speed
- Simple — minimal configuration
- Secure — modern cryptography, small attack surface
- Roaming — seamless IP changes
- Cross-platform — Linux, macOS, Windows, iOS, Android